Phone Searches at U.S. Borders: What Travelers Need to Know
Customs agents have broad authority to search the electronic devices of travelers entering and leaving the U.S. Here are tips for keeping your data safe.
Privacy
What consumers expect from data security
Security teams spend years building controls around data protection, then a survey asks consumers a simple question about responsibility and the answer lands close to home. Most people believe they are in charge of their own data privacy, and they want…
New Google-Themed Phishing Wave Hits Over 3,000 Global Organisations
Check Point researchers found a phishing scam abusing Google Cloud to target organisations worldwide. Scammers use official domains to steal logins. Read the full details in this exclusive report.
How to Spot the Most Common Crypto Phishing Scams
Crypto phishing scams surged 83% in 2025, targeting wallets with fake sites, approval tricks, and poisoned addresses. One click can drain your funds.
Hacker Leaks 2.3M Wired.com Records, Claims 40M-User Condé Nast Breach
A hacker using the alias “Lovely” has leaked what they claim is the personal data of over 2.3…
Everest Ransomware Group Claims Theft of Over 1TB of Chrysler Data
On December 25, while much of the world was observing Christmas, the Everest ransomware group published a new…
Popular NPM Package lotusbail Exposed as Trojan Stealing WhatsApp Chats
Koi Security uncovers lotusbail, a malicious npm package with 56K downloads that steals WhatsApp messages and installs a persistent backdoor. Learn how to protect your data.
Urban VPN Proxy Surreptitiously Intercepts AI Chats
This is pretty scary:
Urban VPN Proxy targets conversations across ten AI platforms: ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, DeepSeek, Grok (xAI), Meta AI.
For each platform, the extension includes a dedicated “executor” script designed to intercept and capture conversations. The harvesting is enabled by default through hardcoded flags in the extension’s configuration.
There is no user-facing toggle to disable this. The only way to stop the data collection is to uninstall the extension entirely.
[…]
The data collection operates independently of the VPN functionality. Whether the VPN is connected or not, the harvesting runs continuously in the background…
New MacSync Stealer Disguised as Trusted Mac App Hunts Saved Passwords
Jamf security experts have found a new version of MacSync Stealer. Disguised as a zk-call app, it uses official notarization to bypass security and steal your saved passwords.
Pirate Group Anna’s Archive Copies 256M Spotify Songs in Data Scrape
Spotify has confirmed a massive unauthorised data scrape involving 256 million track records and 86 million audio files. Learn how “Anna’s Archive” bypassed security, and why experts warn against downloading the leaked files.